Hi @mdoadmin,
First configure your real time alert as shown here :
https://docs.splunk.com/Documentation/SplunkCloud/latest/Alert/DefineRealTimeAlerts
Then make sure your email configurations are done properly as follows :
https://docs.splunk.com/Documentation/SplunkCloud/7.2.6/Alert/Emailnotification
Finally test, test and let us know if it's working.
PS: avoid using real time alerts as it consumes a lot of compute and in most cases can be replaced by an alert that can run every 5 or even 10 mins depending on the required response time in your SLA.
Cheers,
David
... View more